Chapter 1 IGMP Snooping Configuration
Commands
Syntax
display igmp-snooping configuration
View
Any view
Parameter
None
Description
Use the display igmp-snooping
configuration command to display IGMP Snooping configuration information.
When IGMP Snooping is enabled on the
switch, this command displays the following information: IGMP Snooping status,
aging time of the router port, query response timeout time, and aging time of
multicast member ports.
Related command: igmp-snooping.
Example
# Display IGMP Snooping configuration
information on the switch.
<H3C> display igmp-snooping
configuration
Enable IGMP-Snooping.
The router port timeout is 105
second(s).
The max response timeout is 1
second(s).
The host port timeout is 260
second(s).
The above-mentioned information shows: IGMP
Snooping is enabled, the aging time of the router port is 105 seconds, the query
response timeout time is one second, and the aging time of multicast member
ports is 260 seconds.
Syntax
display igmp-snooping
group [ vlan vlan-id ]
View
Any view
Parameter
vlan-id: VLAN
under which the multicast group information is to be displayed. If you do not
provide this argument, this command displays the multicast group information of
all VLANs.
Description
Use the display igmp-snooping group
command to display information about the IP and MAC multicast groups under the specified
VLAN (with vlan vlan-id) or all VLANs (without vlan vlan-id).
This command displays the following
information: VLAN ID, router port, IP multicast group address, member ports
included in the IP multicast group, MAC multicast group, MAC multicast group
address, and member ports included in the MAC multicast group.
Example
# Display information about the multicast
groups under VLAN 2.
<H3C> display igmp-snooping
group vlan 2
Vlan(id):2.
Total 1 IP Group(s).
Total 1 MAC Group(s).
Router port(s):Ethernet1/0/1
IP group(s):the following ip
group(s) match to one mac group.
IP group address:230.45.45.1
Host
The information above means:
l
Multicast groups exist in VLAN 2.
l
The router port is Ethernet1/0/1.
l
The address of the IP multicast group is
230.45.45.1.
Syntax
display igmp-snooping
statistics
View
Any view
Parameter
None
Description
Use the display igmp-snooping statistics
command to display IGMP Snooping statistics.
This command displays the following
information: the numbers of the IGMP general query packets, IGMP group-specific
query packets, IGMPv1 report packets, IGMPv2 report packets, IGMP leave packets
and error IGMP packets received, and the number of the IGMP group-specific query
packets sent.
Related command: igmp-snooping.
Example
# Display IGMP Snooping statistics.
<H3C> display igmp-snooping
statistics
Received IGMP general query packet(s)
number:0.
Received IGMP specific query
packet(s) number:0.
Received IGMP V1 report packet(s)
number:0.
Received IGMP V2 report packet(s)
number:0.
Received IGMP leave packet(s)
number:0.
Received error IGMP packet(s)
number:0.
Sent IGMP specific query packet(s)
number:0.
The information above shows that IGMP receives:
l
zero IGMP general query packets
l
zero IGMP specific query packets
l
zero IGMPv1 report packets
l
zero IGMPv2 report packets
l
zero IGMP leave packets
l
zero IGMP error packets
IGMP Snooping sends:
l
zero IGMP specific query packets
Syntax
igmp-snooping { enable | disable }
View
System view
Parameter
enable: Enables
the IGMP Snooping feature.
disable:
Disables the IGMP Snooping feature.
Description
Use the igmp-snooping enable command
to enable the IGMP Snooping feature.
Use the igmp-snooping disable
command to disable the IGMP Snooping feature.
By default, the IGMP Snooping feature is
disabled.
Example
# Enable the IGMP Snooping feature on the
switch.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] igmp-snooping enable
Enable IGMP-Snooping ok.
Syntax
igmp-snooping
fast-leave [ vlan vlan-list ]
undo igmp-snooping
fast-leave [ vlan vlan-list ]
View
System view, Ethernet port view
Parameter
vlan-list: List
of VLANs. You can specify multiple VLANs by providing this argument in the form
of vlan-list = { vlan-id [ to vlan-id ] } &
< 1-10 >, where vlan-id is the ID of the VLAN, in the range
of 1 to 4,094 and & < 1-10 > means that you can provide up to 10 VLANs/VLAN
ranges for this argument.
Description
Use the igmp-snooping fast-leave
command to enable IGMP fast leave processing.
Use the undo igmp-snooping
fast-leave command to cancel the configuration.
By default, IGMP fast leave processing is disabled.
Normally, upon receipt of an IGMP Leave
message, Switch does not immediately remove the port from the multicast group,
but sends a group-specific query message. If no response is received in a given
period, it then removes the port from the multicast group.
After this command is executed, upon receipt
of an IGMP Leave packet, Switch removes the port from the multicast group directly.
When the port is connected to only one user, enabling IGMP fast leave
processing can save bandwidth.
l
This feature is effective for IGMPv2-enabled
clients only.
l
When this feature is enabled, if one of the
multiple users on a port leaves, the multicast services for the other users in
the same multicast group may be interrupted.
Example
# Enable IGMP fast leave processing on
Ethernet1/0/1.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] igmp-snooping
fast-leave
Syntax
igmp-snooping general-query source-ip {
current-interface | ip-address }
undo igmp-snooping general-query source-ip
View
VLAN view
Parameter
current-interface:
Specifies the current interface whose IP address is selected by the Layer 2
multicast switch.
ip-address: Source
IP address of the general query packet that the Layer 2 multicast switch sends.
Description
Use the igmp-snooping general-query
source-ip current-interface command to configure the Layer 2
multicast switch to use the IP address of the current VLAN interface as the
source IP address of the general query packets that the Layer 2 multicast
switch sends. If no IP address is configured on the current VLAN interface, the
default IP address 0.0.0.0. is used as the default source IP address.
Use the igmp-snooping general-query
source-ip ip-address command to configure the Layer 2
multicast switch to use the specified IP address as the source IP address when
sending general query packets.
Use the undo igmp-snooping
general-query source-ip command to configure the Layer 2 multicast
switch to use the default IP address as the source address when sending general
query packets.
These commands are effective after the IGMP
Snooping querier is enabled on the switch; otherwise, the switch cannot send
general query packets.
By default, the Layer 2 multicast switch
sends general query packets with the source IP address 0.0.0.0.
Example
# Configure the Layer 2 multicast switch to
send general query packets with the source IP address 2.2.2.2 in VLAN 3.
<H3C> system-view
System view, return to user view with
Ctrl+Z.
[H3C] igmp-snooping enable
[H3C] vlan 3
[H3C-vlan3] igmp-snooping enable
[H3C-vlan3] igmp-snooping querier
[H3C-vlan3] igmp-snooping
general-query source-ip 2.2.2.2
Syntax
igmp-snooping
group-limit limit [ vlan vlan-list [
overflow-replace ] ]
undo igmp-snooping
group-limit [ vlan vlan-list ]
View
Ethernet port view
Parameter
limit:
Maximum number of multicast groups the port can join, in the range of 1 to 256.
overflow-replace:
Allows a new multicast group to replace an existing multicast group and the
multicast group with the lowest IP address is replaced first.
vlan-list:
List of VLANs. You can specify multiple VLANs by providing this argument in the
form of vlan-list = { vlan-id [ to vlan-id ]
}&<1-10>, where &<1-10> means that you can provide up to 10
VLANs/VLAN ranges for this argument. VLAN ID ranges from 1 to 4094.
Description
Use the igmp-snooping group-limit
command to define the maximum number of multicast groups the port can join.
Use the undo igmp-snooping group-limit
command to restore the default setting.
By default, there is no limit on the number
of multicast groups the port can join.
Example
# Allow Ethernet1/0/1 to join at most 200
multicast groups.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] igmp-snooping
group-limit 200
Syntax
igmp-snooping group-policy acl-number [ vlan vlan-list ]
undo igmp-snooping group-policy [ vlan vlan-list ]
View
System view, Ethernet port view
Parameter
acl-number:
Basic ACL number, in the range of 2000 to 2999.
vlan-id: vlan-list:
List of VLANs. You can specify multiple VLANs by providing this argument in the
form of vlan-list = { vlan-id [ to vlan-id ]
}&<1-10>, where &<1-10> means that you can provide up to 10
VLANs/VLAN ranges for this argument. VLAN ID ranges from 1 to 4094.
Description
Use the igmp-snooping group-policy
command to configure an IGMP Snooping filtering ACL.
Use the undo igmp-snooping
group-policy command to remove the IGMP Snooping filtering ACL.
By default, no IGMP Snooping filtering ACL
is configured.
You can configure multicast filtering ACLs
globally or on the switch ports connected to user ends so as to use the IGMP
Snooping filter function to limit the multicast streams that the users can access.
With this function, you can treat different VoD users in different ways by
allowing them to access the multicast streams in different multicast groups.
In practice, when a user orders a multicast
program, an IGMP host report message is generated. When the message arrives at
the switch, the switch examines the multicast filtering ACL configured on the
access port to determine if the port can join the corresponding multicast group
or not. If yes, it adds the port to the forward port list of the multicast
group; if not, it drops the IGMP host report message and does not forward the
corresponding data stream to the port. In this way, you can control the
multicast streams that users can access.
An ACL rule defines a multicast address or a
multicast address range (for example 224.0.0.1 to 239.255.255.255) and is used
to:
l
Allow the port(s) to join only the multicast
group(s) defined in the rule by a permit statement.
l
Inhibit the port(s) from joining the multicast
group(s) defined in the rule by a deny statement.
l
One port can belong to multiple VLANs. But for
each VLAN on the port, you can configure only one ACL.
l
If no ACL rule is configured or the port does
not belong to the specified VLAN, the filter ACL you configured does not take
effect on the port.
l
Since most devices broadcast unknown multicast packets,
this function is often used together with the unknown multicast packet drop
function to prevent multicast streams from being broadcast to a filtered port
as unknown multicast packets.
Example
# Configure ACL 2000 to allow users under
Ethernet1/0/1 to access the multicast streams in groups 225.0.0.0 to
225.255.255.255.
l
Configure ACL 2000.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] acl number 2000
[H3C-acl-basic-2000] rule permit
source 225.0.0.0 0.255.255.255
[H3C-acl-basic-2000] quit
l
Create VLAN 2 and add Ethernet1/0/1 to VLAN 2.
[H3C] vlan 2
[H3C-vlan2] port Ethernet 1/0/1
[H3C-vlan2] quit
l
Configure ACL 2000 on Ethernet1/0/1 to allow this
VLAN 2 port to join only the IGMP multicast groups defined in the rule of ACL
2000.
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] igmp-snooping
group-policy 2000 vlan 2
[H3C-Ethernet1/0/1] quit
# Configure ACL 2001 to allow users under
Ethernet1/0/2 to access the multicast streams in any groups except groups 225.0.0.0
to 225.0.0.255.
l
Configure ACL 2001.
[H3C] acl number 2001
[H3C-acl-basic-2001] rule deny source
225.0.0.0 0.0.0.255
[H3C-acl-basic-2001] rule permint
source any
[H3C-acl-basic-2001] quit
l
Create VLAN 2 and add Ethernet1/0/2 to VLAN 2.
[H3C] vlan 2
[H3C-vlan2] port Ethernet 1/0/2
[H3C-vlan2] quit
l
Configure ACL 2001 on Ethernet1/0/2 to allow this
VLAN 2 port to join any IGMP multicast groups except those defined in the deny
rule of ACL 2001.
[H3C] interface Ethernet 1/0/2
[H3C-Ethernet1/0/2] igmp-snooping
group-policy 2001 vlan 2
Syntax
igmp-snooping host-aging-time seconds
undo igmp-snooping host-aging-time
View
System view
Parameter
seconds:
Aging time (in seconds) of multicast member ports, in the range of 200 to 1,000.
Description
Use the igmp-snooping host-aging-time
command to configure the aging time of multicast member port.
Use the undo igmp-snooping
host-aging-time command to restore the default aging time.
By default, the aging time of multicast
member ports is 260 seconds.
The aging time of multicast member ports
determines the refresh frequency of multicast group members. In an environment
where multicast group members change frequently, a relatively shorter aging
time is required.
Related command: igmp-snooping.
Example
# Set the aging time of multicast member
ports to 300 seconds.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] igmp-snooping host-aging-time
300
Syntax
igmp-snooping max-response-time seconds
undo igmp-snooping max-response-time
View
System view
Parameter
seconds: Query
response timeout time in seconds, in the range of 1 to 25.
Description
Use the igmp-snooping max-response-time
command to configure the query response timeout time.
Use the undo igmp-snooping max-response-time
command to restore the default timeout time.
By default, the query response timeout time
is 10 seconds.
The maximum response time you configured
determines how long the switch can wait for a response to an IGMP Snooping
query message.
Related command: igmp-snooping, igmp-snooping
router-aging-time.
Example
# Set the query response timeout time to 15
seconds.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] igmp-snooping max-response-time
15
Syntax
igmp-snooping
querier
undo igmp-snooping
querier
View
VLAN view
Parameter
None
Description
Use the igmp-snooping querier
command to enable the IGMP Snooping querier feature on the current VLAN of the
Layer 2 multicast switch.
Use the undo igmp-snooping querier
command to disable the IGMP Snooping querier feature on the current VLAN of the
Layer 2 multicast switch.
By default, the IGMP Snooping querier
feature of the Layer 2 multicast switch is disabled.
Example
# Enable the IGMP Snooping feature on VLAN
3 of the Layer 2 multicast switch.
<H3C> system-view
System view, return to user view with
Ctrl+Z.
[H3C] igmp-snooping enable
[H3C] vlan 3
[H3C-vlan3] igmp-snooping enable
[H3C-vlan3] igmp-snooping querier
Syntax
igmp-snooping
query-interval seconds
undo igmp-snooping
query-interval
View
VLAN view
Parameter
seconds:
Interval for the Layer 2 multicast switch to send general query packets.
Description
Use the igmp-snooping
query-interval command to configure the interval for the Layer 2 multicast
switch to send general query packets.
Use the undo igmp-snooping
query-interval command to restore the interval to the default value.
These commands are effective after the IGMP
Snooping querier feature is enabled. Otherwise, the switch will not send
general query packets. The configured query interval must be longer than the
maximum response interval of the host,
By default, the Layer 2 multicast switch
sends general query packets at the interval of 60 seconds.
Example
# Configure the Layer 2 multicast switch to
send general query packets at the interval of 100 seconds on VLAN 3.
<H3C> system-view
System view, return to user view with
Ctrl+Z.
[H3C] igmp-snooping enable
[H3C] vlan 3
[H3C-vlan3] igmp-snooping enable
[H3C-vlan3] igmp-snooping querier
[H3C-vlan3] igmp-snooping
query-interval 100
Syntax
igmp-snooping router-aging-time seconds
undo igmp-snooping router-aging-time
View
System view
Parameter
seconds: Aging
time (in seconds) of the router port, in the range of 1 to 1,000.
Description
Use the igmp-snooping router-aging-time
command to configure the aging time of the IGMP Snooping router port.
Use the undo igmp-snooping
router-aging-time command to restore the default aging time.
By default, the aging time of the router port
is 105 seconds.
The router port here refers to the port
connecting the Layer 2 switch to the router. The Layer 2 switch receives IGMP
general query messages from the router through this port. The aging time of the
router port should be a value about 2.5 times of the general query interval.
Related command: igmp-snooping
max-response-time, igmp-snooping.
Example
# Set the aging time of the router port to 500
seconds.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] igmp-snooping router-aging-time
500
Syntax
reset igmp-snooping statistics
View
User view
Parameter
None
Description
Use the reset igmp-snooping statistics
command to clear IGMP Snooping statistics.
Related command: igmp-snooping.
Example
# Clear IGMP Snooping statistics.
<H3C> reset igmp-snooping
statistics
Syntax
service-type multicast
undo service-type multicast
View
VLAN view
Parameter
None
Description
Use the service-type multicast
command to set the current VLAN as a multicast VLAN.
Use the undo service-type multicast
command to cancel the multicast VLAN setting.
By default, no VLAN is a multicast VLAN.
By configuring a multicast VLAN, adding the
corresponding switch ports to the multicast VLAN, and enabling IGMP Snooping,
you can allow users in different VLANs to share the same multicast VLAN. This
saves bandwidth since multicast stream is transmitted only within the multicast
VLAN, and also guarantees the security because the multicast VLAN is completely
isolated from the user VLANs.
l
Isolate VLANs cannot be set as multicast VLANs.
l
One port belongs to one multicast VLAN only.
l
The type of ports connected to the user terminal
must be hybrid.
l
The multicast member port must be in the same
multicast VLAN with the router port. Otherwise, the port cannot receive
multicast packets.
l
If a router port is added to a multicast VLAN,
the router port must be configured as a trunk port or tagged hybrid port.
Otherwise, all the multicast member ports in this multicast VLAN cannot receive
multicast packets.
l
If a multicast member port needs to receive
packets forwarded by the router port that does not belong to any multicast
VLAN, the multicast member port must be removed from the multicast VLAN.
Otherwise, the port cannot receive multicast packets.
Example
# Configure VLAN 2 as a multicast VLAN.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] vlan 2
[H3C-vlan2] service-type multicast
Chapter 3 Multicast MAC Address Entry Configuration
Commands
Syntax
mac-address
multicast mac-address interface interface-list vlan
vlan-id
undo mac-address
multicast [ mac-address [ interface interface-list
] vlan vlan-id ]
View
System view
Parameter
mac-address:
Multicast MAC address.
vlan-id:
VLAN ID.
interface-list: Forward port list. You can specify multiple ports by providing
this argument in the format of interface-list = { interface-type
interface-number [ to { interface-type interface-number } ] }&<1-10>,
where interface-type refers to the port type and interface-number refers
to the port number. For meanings and value ranges of interface-type and interface-number,
refer to the parameters described in the “Port Basic Configuration”
module in this manual.
Description
Use the mac-address multicast
command to add a multicast MAC address entry.
Use the undo mac-address
multicast command to remove a multicast MAC address entry.
Each multicast MAC address entry contains multicast
address, forward port, VLAN ID, and so on.
Related command: display mac-address
multicast static.
Example
# Add a multicast MAC address entry, with
multicast address 0100-5e0a-0805, forward port Ethernet1/0/1, and VLAN 1 to
which the entry belongs.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] mac-address multicast
0100-5e0a-0805 interface Ethernet 1/0/1 vlan 1
Syntax
mac-address
multicast mac-address vlan vlan-id
undo mac-address
multicast [ [ mac-address ] vlan vlan-id ]
View
Ethernet port view
Parameter
mac-address:
Multicast MAC address.
vlan-id:
VLAN ID.
Description
Use the mac-address multicast vlan
command to add a multicast MAC address entry.
Use the undo mac-address
multicast vlan command to remove a multicast MAC address entry.
Each multicast MAC address entry contains
multicast address, VLAN ID, and so on.
Related command: display mac-address
multicast static.
Example
# Add a multicast MAC address entry on
Ethernet1/0/1, with multicast address 0100-1000-1000 and VLAN 1 to which the
entry belongs.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Ethernet1/0/1
[H3C-Ethernet1/0/1]mac-address
multicast 0100-1000-1000 vlan 1
Syntax
display mac-address
multicast [ static { { { mac-address vlan vlan-id
| vlan vlan-id } [ count ] } | count } ]
View
Any view
Parameter
mac-address vlan vlan-id: Displays multicast MAC address entry/entries in the specified
VLAN.
count: Displays
the number of MAC entries.
vlan-id: ID
of the specific VLAN.
Description
Use the display mac-address
multicast static command to display the multicast MAC address entry/entries
manually configured on the switch.
l
Executing this command with neither mac-address
nor vlan vlan-id will display the information about all the
multicast MAC address entries manually added on the switch, including the
multicast MAC address, VLAN ID, state of the MAC address, port number and aging
time.
l
Executing this command with vlan vlan-id
but without mac-address will display the information about all the
multicast MAC address entries manually added in the specified VLAN, including
the multicast MAC address, VLAN ID, state of the MAC address, port number and
aging time.
l
Executing this command with both mac-address
and vlan vlan-id will display the information about the multicast
MAC address entries manually added in the specified VLAN with the specified
multicast MAC address, including the multicast MAC address, VLAN ID, state of
the MAC address, port number and aging time.
l
Executing this command with count will
display the information about the number of multicast MAC address entries added
on the switch.
Example
# Display all the multicast MAC address
entries manually added in VLAN 1.
<H3C>display mac-address
multicast static vlan 1
MAC ADDR VLAN ID STATE PORT
INDEX AGING TIME(s)
0100-0001-0001 1 Config static Ethernet1/0/1 N/A
Ethernet1/0/2
Ethernet1/0/3
Ethernet1/0/4
--- 1 static mac address(es) found
---
